There are various techniques available to control the use of text, graphics, computer aided designs and other electronic documents. In many circumstances, it is desirable to ensure that a given document can only be used by one or more specific persons. Additional limitations on use are also often desirable. For example, a particular person's use of a document may be limited with respect to time of use such that that person can only use the document until a specified date. As another example, a person's use of a document may be limited with respect to type of use such that the person can view the document but cannot edit, copy, or print the document.
Documents are commonly encrypted to ensure that unauthorized persons cannot access the contents of the document. Distribution of the encryption keys that allow use of such encrypted documents can be controlled in various ways. Such encryption keys can, for example, be maintained at a separate network location and accessed by remote client devices when an authorized person attempts to use a document. The client device can send the person's credentials to a remote server, receive an encryption key from the remote server, and use that key to access the document. The person using the client device may be unaware of this process and may not have access to the provided encryption key. For example, the person may simply enter a username and password and the client device application may use that information to access the server, obtain the key, and open the document for the person to use. The remote server may have also provided particular policy information that defines how that person may use the document. The client device may receive this policy information and enforce the policy details, for example, by preventing the person from editing the document.
Existing servers that maintain document encryption key and policy detail information for documents require the storage and use of information about each individual document. For example, a database is used to store one or more records for each document that identifies whether a particular person has access to the document and defines the particular uses for which the person has permissions. One deficiency of such systems is that they can require a large amount of storage and communication. The storage and communication requirements can require significant resources particularly in circumstances in which the number of documents and persons is very large. As a particular example, if a service provider sends out monthly statements to hundreds of millions of customers where each such document requires a record in a database, the volume of storage and communication can be particularly burdensome.